Details about PLATINUM's targets and attacks are available in a report Microsoft released yesterday.
http://download.microsoft.com/download/2/2/5/225BFE3E-E1DE-4F5B-A77B-71200928D209/Platinum%20feature%20article%20-%20Targeted%20attacks%20in%20South%20and%20Southeast%20Asia%20April%202016.pdf
Spoofing caller-ID is easy with VoLTE (Voice over LTE) tampering with SIP headers, no check whatsoever 😱 #SSTIC
Leaking CellID (geolocation) and IMEI of VoLTE subscribers with a single SIP INVITE request #Privacy
Node.fz: fuzzing the server-side event-driven architecture
Node.fz: Fuzzing the server-side event-driven architecture Davis et al., EuroSys’17
This paper provides a fascinating look at common causes of concurrency bugs in server-side event driven architecture (EDA) based applications. By far the most popular framework supporting this style is Node.js of course.
"The Node.js package ecosystem, npm, is the largest ever, with over 400,000 packages and over 1.75 billion package downloads per week. Node.js has been deployed in industry, including at eBay, PayPal, and LinkedIn, and is also being embraced on IoT platforms including Cylon.js and IBM’s Node-Red."
https://blog.acolyer.org/2017/06/09/node-fz-fuzzing-the-server-side-event-driven-architecture/
The online #HackingWindows course makes use of the released NSA tools + empire + metasploit !! cursos@tpx.mx
+++ ++++ + + + ++ +++++ ++ ++ + + + + + +
+ There are now more than 1006 of us here ! ++
+ Thanks for following us on Telegram !! ++
+++ ++++ + + + ++ +++++ ++ ++ + ++++++ +
* * *
*|_*|_*|*_ c[ÏIIÏ]
.-' |* |* |*| '-.
|`-...................-'| c[ÏÏÏ]
| tpx Security |
\ _ .-. .-._.-. _ /
,-|'-' '-' '- ' '-'|-,
/` \._ _./ `\
'._ """""""""" _.'
—— ''--.......--''
Thanks -
^— - It's a cake !!
|__ I think...
Jean E. Sammet, the American computer scientist who developed the FORMAC programming language and was the first woman to serve as President of ACM, passed away May 21 at the age of 89.
http://www.i-programmer.info/news/82-heritage/10811-jean-sammet.html
Exploiting CVE-2017-0199 HTA & Scriptlet File Handler Vulnerability using @vFeed_IO with metasploit exploitdb SAINTscan. All in 1 !! B|
31 yrs ago, while there was no #internet, #ARPANet Addresses was published by 2600 MagazineV0103 #networking #DoD #defence There was no DNS too ;)
Microsoft updates Windows, fixing the NSA vulnerabilities
Several versions of Windows have been updated through Windows Update with the aim of preventing a repeat of something like WannaCry. That infection stemmed from vulnerabilities found by the United States National Security Agency, the NSA, which were leaked and exploited by a massive ransomware campaign. Now more vulnerabilities along the same lines have been leaked, and Microsoft has hurried to release the corresponding security patches.
https://www.adslzone.net/2017/06/14/microsoft-actualiza-windows-resolviendo-las-vulnerabilidades-de-la-nsa/
Top university under 'ransomware' cyber-attack
University College London, one of the world's leading universities, has been hit by a major cyber-attack.
The university describes it as a "ransomware" attack, such as last month's cyber-attack which threatened NHS computer systems.
The attack was continuing on Thursday, with access to online networks being restricted.
http://www.bbc.com/news/education-40288548
WIN32/INDUSTROYER
A new threat for industrial control systems
https://www.welivesecurity.com/wp-content/uploads/2017/06/Win32_Industroyer.pdf
Your interpreter isn’t safe anymore — The PHP module rootkit
https://blog.paradoxis.nl/your-interpreter-isnt-safe-anymore-the-php-module-rootkit-c7ca6a1a9af5
Researcher manipulates network connections to make fellow gamers lag. Doesn't work on modern cloud-based games https://www.youtube.com/watch?v=j8qGPam3NgA
110 Network manipulation on video games Alex Kot
These are the videos from CircleCityCon 2017: http://www.irongeek.com/i.php?page=videos/circlecitycon2017/mainlist